From 547e6e920e13a312813b21b62091051424bafacb Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Mon, 12 Nov 2007 14:47:48 -0500 Subject: Redirect to the FQDN otherwise kerberos auth may fail --- ipa-server/xmlrpc-server/ipa.conf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'ipa-server/xmlrpc-server') diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf index 2931b86d..fbf26b67 100644 --- a/ipa-server/xmlrpc-server/ipa.conf +++ b/ipa-server/xmlrpc-server/ipa.conf @@ -2,12 +2,18 @@ ProxyRequests Off -# Make all requests use SSL except for Kerberos authentication errors RewriteEngine on +# Redirect to the fully-qualified hostname. Not redirecting to secure +# port so configuration files can be retrieved without requiring SSL. +RewriteCond %{HTTP_HOST} !^$FQDN$$ [NC] +RewriteRule ^/(.*) http://$FQDN/$$1 [L,R=301] + +# Redirect to the secure port if not displaying an error or retrieving +# configuration. RewriteCond %{SERVER_PORT} !^443$$ RewriteCond %{REQUEST_URI} !^/(errors|config)/ -RewriteRule ^/(.*) https://%{SERVER_NAME}/$$1 [L,R,NC] +RewriteRule ^/(.*) https://$FQDN/$$1 [L,R=301,NC] AuthType Kerberos -- cgit